141 matches found
UBUNTU-CVE-2021-45292
The gfisomhintrtpread function in GPAC 1.0.1 allows attackers to cause a denial of service Invalid memory address dereference via a crafted file in the MP4Box command...
ALPINE-CVE-2021-41105
FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. When handling SRTP calls, FreeSWITCH prior to version 1.10.7 is susceptible to a DoS where calls can be terminated...
CVE-2021-36584
An issue was discovered in GPAC 1.0.1. There is a heap-based buffer overflow in the function gprtpbuilderdotx3g function in ietf/rtppck3gpp.c, as demonstrated by MP4Box. This can cause a denial of service DOS...
UBUNTU-CVE-2021-36584
An issue was discovered in GPAC 1.0.1. There is a heap-based buffer overflow in the function gprtpbuilderdotx3g function in ietf/rtppck3gpp.c, as demonstrated by MP4Box. This can cause a denial of service DOS...
Qualcomm 组件缓冲区错误漏洞
The Qualcomm Component is a component of Qualcomm Incorporated USA. An intrinsic part that provides the functionality of Qualcomm devices. A security vulnerability exists in the Qualcomm Component that stems from a buffer over-read when decompressing RTCP packets, where we may read additional byt...
ALPINE-CVE-2021-26712
Incorrect access controls in ressrtp.c in Sangoma Asterisk 13.38.1, 16.16.0, 17.9.1, and 18.2.0 and Certified Asterisk 16.8-cert5 allow a remote unauthenticated attacker to prematurely terminate secure calls by replaying SRTP packets...
The vulnerability in the implementation of the WebRTC technology for browser-based applications by Mozilla Firefox and Firefox-ESR allows a attacker to induce a service failure.
The vulnerability of the WebRTC streaming data transmission technology in Mozilla Firefox and Firefox-ESR implementations is related to an inappropriate type of payload type in the RTP packets sent. Exploiting this vulnerability can allow a malicious actor to cause service interruptions remotely...
libsrtp: buffer overflow in application of crypto profiles
Buffer overflow in srtp.c in libsrtp in srtp 1.4.5 and earlier allows remote attackers to cause a denial of service crash via vectors related to a length inconsistency in the cryptopolicysetfromprofileforrtp and srtpprotect functions...
nss: Out-of-bounds write when passing an output buffer smaller than the block size to NSC_EncryptUpdate
A heap-based buffer overflow was found in the NSCEncryptUpdate function in Mozilla nss. A remote attacker could trigger this flaw via SRTP encrypt or decrypt operations, to execute arbitrary code with the permissions of the user running the application compiled with nss. While the attack complexi...
Unspecified Vulnerability in Mitel Networks 6800 and 6900 SIP Series
Mitel Networks 6800 SIP and Mitel Networks 6900 SIP are both products of Mitel Networks Canada.Mitel Networks 6800 SIP is a 6800 SIP series IP phone.Mitel Networks 6900 SIP is a 6900 Mitel Networks 6900 SIP is a 6900 SIP series IP phone. A security vulnerability exists in the SRTP 128-bit key...
nss: Out-of-bounds write when passing an output buffer smaller than the block size to NSC_EncryptUpdate
A heap-based buffer overflow was found in the NSCEncryptUpdate function in Mozilla nss. A remote attacker could trigger this flaw via SRTP encrypt or decrypt operations, to execute arbitrary code with the permissions of the user running the application compiled with nss. While the attack complexi...
nss: Out-of-bounds write when passing an output buffer smaller than the block size to NSC_EncryptUpdate
A heap-based buffer overflow was found in the NSCEncryptUpdate function in Mozilla nss. A remote attacker could trigger this flaw via SRTP encrypt or decrypt operations, to execute arbitrary code with the permissions of the user running the application compiled with nss. While the attack complexi...
nss: Out-of-bounds write when passing an output buffer smaller than the block size to NSC_EncryptUpdate
A heap-based buffer overflow was found in the NSCEncryptUpdate function in Mozilla nss. A remote attacker could trigger this flaw via SRTP encrypt or decrypt operations, to execute arbitrary code with the permissions of the user running the application compiled with nss. While the attack complexi...
The vulnerability of the RTP protocol implementation in the VideoLAN VLC media player software allows a hacker to execute arbitrary code or cause a service failure.
The vulnerability of the RTP protocol implementation in the VideoLAN VLC media player lies in buffer overflows in the dynamic memory. Exploiting this vulnerability allows a malicious actor to execute arbitrary code or cause a service failure by using a specially created ogg file...
CVE-2018-6344
A heap corruption in WhatsApp can be caused by a malformed RTP packet being sent after a call is established. The vulnerability can be used to cause denial of service. It affects WhatsApp for Android prior to v2.18.293, WhatsApp for iOS prior to v2.18.93, and WhatsApp for Windows Phone prior to...
PT-2018-17492 · Whatsapp · Whatsapp For Ios +2
Name of the Vulnerable Software and Affected Versions: WhatsApp for Android versions prior to 2.18.293 WhatsApp for iOS versions prior to 2.18.93 WhatsApp for Windows Phone versions prior to 2.18.172 Description: A heap corruption issue can occur in WhatsApp due to a malformed RTP packet being se...
Just Answering A Video Call Could Compromise Your WhatsApp Account
What if just receiving a video call on WhatsApp could hack your smartphone? This sounds filmy, but Google Project Zero security researcher Natalie Silvanovich found a critical vulnerability in WhatsApp messenger that could have allowed hackers to remotely take full control of your WhatsApp just b...
Mozilla: Mismatched RTP payload type can trigger memory corruption (MFSA 2018-07)
When packets with a mismatched RTP payload type are sent in WebRTC connections, in some circumstances a potentially exploitable crash is triggered. This vulnerability affects Firefox ESR 52.7 and Firefox 59...
UBUNTU-CVE-2017-14099
In res/resrtpasterisk.c in Asterisk 11.x before 11.25.2, 13.x before 13.17.1, and 14.x before 14.6.1 and Certified Asterisk 11.x before 11.6-cert17 and 13.x before 13.13-cert5, unauthorized data disclosure media takeover in the RTP stack is possible with careful timing by an attacker. The...
DEBIAN-CVE-2017-14099
In res/resrtpasterisk.c in Asterisk 11.x before 11.25.2, 13.x before 13.17.1, and 14.x before 14.6.1 and Certified Asterisk 11.x before 11.6-cert17 and 13.x before 13.13-cert5, unauthorized data disclosure media takeover in the RTP stack is possible with careful timing by an attacker. The...